Kaspersky Security Center DataBase

When you configure Kaspersky Security Center to send log data to USM Appliance, you can use the Kaspersky Security Center DataBase plugin to translate the raw log data into normalized events for analysis.

Device Details

Vendor: Kaspersky
Device Type: Management platform
Connection Type: Database
Data Source Name: kaspersky-sc-db
Data Source ID: 1737

Configuring the Kaspersky Security Center Database Plugin

Before configuring the plugin, obtain the IP address and port number of your database, along with a user account that can authenticate to it.

To configure communication with the Kaspersky Security Center database

1. Connect to the AlienVault Console through SSH and use your credentials to log in.

   The AlienVault Setup menu displays.

2. On the AlienVault Setup main menu, select Jailbreak System to gain command line access.

3. Select Yes when prompted. You will be in the root directory.

4. Create the file /etc/ossim/agent/plugins/kaspersky-sc-db.cfg.local.

5. In the .local file, add these lines, replacing the text (including the <>) with the correct information.